
Marcus Ranum's Computer Security Book List

Check out computer security expert Marcus Ranum's recommended reading list, with his own personal rating system, reviews, and a possible antidote to managers who spew inspirational quotes from Vince Lombardi.

Mjr's computing bookshelf at this time...

Ratings: 0-10 (10 is highest)
Crunchiness: How useful the book is if you're trying to solve a particular problem
Geekiness: How technical the book is; is it awash in details?
Big Picture: Does this book look at the "big picture" or broader context?

Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition

by William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin
ISBN# 020163466X
Mjr's Ratings: Crunchiness: 4 Geekiness: 6 Big Picture: 9
Who's it for: Security analysts, CIOs, CTOs, network managers
This book is the original classic on Internet firewalls, updated based on the authors' (and the rest of our) painful experience in the years since it was first written. The authors strike a splendid balance between detail and big picture, and show a profound understanding of the underlying rules of security. Well written and easy to read – if there's one computer security "must have," this is it.


Secrets and Lies : Digital Security in a Networked World

by Bruce Schneier
ISBN# 0471253111
Mjr's Ratings: Crunchiness: 4 Geekiness: 6 Big Picture: 9
Who's it for: Security analysts, CIOs, CTOs, network managers
Bruce comes to security from the viewpoint of a cryptographer. As he expanded his mandate to look at more than just algorithms and endpoints, he realized it is a bigger, more complex, and more balanced problem – and wrote a terrific book that charts his course through security. Excellent and fascinating, deeply thoughtful and insightful; this is not necessarily a "feel-good" book.


Hacking Exposed

by Joel Scambray, Stuart McClure, George Kurtz
ISBN# 0072127481
Mjr's Ratings: Crunchiness: 7 Geekiness: 7 Big Picture: 3
Who's it for: hackers, security analysts, penetration testers
I generally disapprove of teaching hacking techniques and encouraging people to play with fire. This book does it better than the others, and contains a huge amount of highly technical information on vulnerabilities in systems, as well as how they are exploited. If you want to become a penetration tester, or understand what penetration testers (or hackers) do, then this is the place to start.


The Protocols (TCP/IP Illustrated, Volume 1)

by W. Richard Stevens
ISBN# 0201633469
Mjr's Ratings: Crunchiness: 8 Geekiness: 9 Big Picture: 3
Who's it for: programmers, network engineers, network implementors, security implementors
Stevens' books are the books to read if you want to understand how TCP/IP works, and how applications use it. The level of detail is amazing; the series goes from fundamentals down to source code in C for TCP stacks. Beautifully written and very clear; who'd have thought that network implementation could be such an interesting topic!


Building Internet Firewalls

by D. Brent Chapman, Elizabeth D. Zwicky
ISBN# 1565921240
Mjr's Ratings: Crunchiness: 5 Geekiness: 7 Big Picture: 4
Who's it for: security administrators, network administrators
The perfect companion book to Cheswick and Bellovin, this book is a bit more detailed about implementation and is aimed more at the practical networker who needs to build a firewall, write router screening rules, or set up proxy services.


Network Intrusion Detection: An Analyst's Handbook

by Stephen Northcutt
ISBN# 0735708681
Mjr's Ratings: Crunchiness: 4 Geekiness: 6 Big Picture: 5
Who's it for: network managers, security managers
The current crop of books on intrusion detection lacks a defining classic like Cheswick and Bellovin's, but Northcutt's book is as close as it comes.


The Art of War

by Samuel B. Griffith (Translator), Sun Tzu
ISBN# 0195014766
Mjr's Ratings: Crunchiness: 1 Geekiness: 1 Big Picture: 10
Who's it for: CIOs, CTOs, security managers, consultants
This is an important book for every computer security analyst to have on his or her bookshelf. Why? Because not only are Sun Tzu's teachings eminently common-sense, he's also very quotable. If you need an argument to bolster your position with senior management, nothing will shut them down quicker than a cryptic quote from the master of warfare to open your executive summary. This is the perfect antidote to managers who spew golf terminology or motivational messages from Vince Lombardi. "The highest form of generalship is to balk the enemy's plans."


ISP Liability Survival Guide: Strategies for Managing Copyright, Spam, Cache, and Privacy Regulations

by Timothy D. Casey
ISBN# 0471377481
Mjr's Ratings: Crunchiness: 4 Geekiness: 4 Big Picture: 9
Who's it for: auditors, CIOs, CTOs, service provider senior staff
If you're a service provider, or even a CIO concerned with handling privacy and customer data, this book is incredibly valuable. It's interesting only to a possibly narrow audience, but for those concerned with these issues, it's definitive. If you need to deal with laws and regulations regarding the Internet, you need this book.


The Practice of Programming

by Brian W. Kernighan, Rob Pike
ISBN# 020161586X
Mjr's Ratings: Crunchiness: 8 Geekiness: 8 Big Picture: 7
Who's it for: programmers and managers of programmers
Kernighan and Pike have now authored two of the finest books on programming that I have ever read. Every level of their books contains useful clues and insights into how to design and build software. They are inveterate command-line programmers; if you're looking for "how to write 3-d user interfaces" this book is not for you. If you're looking for hints on how to become a master programmer for back-end server systems, this may be your cup of tea. If you're not a programmer, this book won't offer you much at all.


Code Complete: A Practical Handbook of Software Construction

by Steve C. McConnell
ISBN# 1556154844
Mjr's Ratings: Crunchiness: 7 Geekiness: 7 Big Picture: 5
Who's it for: programmers, managers of programmers, managers of managers of programmers
McConnell is an important voice in software engineering today. His work ranges from tactical software development (this book) to the big-picture problem of producing high-quality code. He doesn't touch on security much per se; I suspect he'd tell you (I agree!) that security is just a by-product of good design and good implementation. This book is aimed squarely at the software engineer, senior engineer, or engineering manager, and is full of valuable insights into writing maintainable code, organizing projects, and commenting software.


The Nudist on the Late Shift

by Po Bronson
ISBN# 0767906039
Mjr's Ratings: Crunchiness: 0 Geekiness: 5 Big Picture: 9
Who's it for: parents of programmers, friends of programmers
This book is mostly social commentary about the early days of the ".com" revolution. Those days are gone now, but it's been a good book for me to give people when they ask me why software engineers and consultants are always such bug-eyed, stressed-out individuals. Po Bronson does a good job of conveying the combination of chaos and goofiness that reigned during the late 1990s.

